Skip to main content
CVE-2023-32560 CRITICAL POC THREAT Emergency

An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Avalanche
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
98.9%
CVE-2023-32563 CRITICAL POC THREAT Act Now

An unauthenticated attacker could achieve the code execution through a RemoteControl server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Avalanche
NVD
CVSS 3.1
9.8
EPSS
90.2%
CVE-2023-39966 CRITICAL POC PATCH Act Now

1Panel is an open source Linux server operation and maintenance management panel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 1panel
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-37734 CRITICAL POC Act Now

EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mp3 Audio Converter
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-37069 CRITICAL POC Act Now

Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-39964 HIGH POC PATCH This Week

1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal 1panel
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-40225 HIGH POC PATCH This Week

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Request Smuggling Haproxy
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2023-40235 MEDIUM POC PATCH This Month

An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Archi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-37988 MEDIUM POC This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Contact Form Generator
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-39806 CRITICAL Act Now

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Icms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-39805 CRITICAL Act Now

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Icms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-32564 CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
CVSS 3.1
9.8
EPSS
37.4%
CVE-2023-32562 CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
CVSS 3.1
9.8
EPSS
38.4%
CVE-2023-38034 CRITICAL Act Now

A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti RCE Command Injection Unifi Uap Firmware Unifi Switch Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-35085 CRITICAL Act Now

An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Ubiquiti Unifi Uap Firmware Unifi Switch Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-32567 CRITICAL Act Now

Ivanti Avalanche decodeToMap XML External Entity Processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti XXE Avalanche
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-36311 CRITICAL Act Now

There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Document Creator
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39776 CRITICAL Act Now

A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Ticket Support Script
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-26311 CRITICAL Act Now

A remote code execution vulnerability in the webview component of OPPO Store app. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Oppo Store
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-26309 CRITICAL Act Now

A remote code execution vulnerability in the webview component of OnePlus Store app. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Store
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-30699 CRITICAL Act Now

Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-37625 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-32565 CRITICAL Act Now

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Avalanche
NVD
CVSS 3.1
9.1
EPSS
2.0%
CVE-2023-32566 CRITICAL Act Now

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Avalanche
NVD
CVSS 3.1
9.1
EPSS
2.1%
CVE-2023-4276 HIGH PATCH This Week

The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Absolute Privacy
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-4277 HIGH PATCH This Week

The Realia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Realia
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-31209 HIGH This Week

Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Checkmk
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-39965 MEDIUM POC PATCH This Month

1Panel is an open source Linux server operation and maintenance management panel. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 1panel
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-39954 HIGH PATCH This Week

user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud User Oidc
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-28129 HIGH This Week

DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Desktop Server Management
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-39963 HIGH PATCH This Week

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39957 HIGH PATCH This Week

Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Google Nextcloud Talk
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-38246 HIGH This Week

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Adobe Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-38234 HIGH This Week

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Adobe Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2023-38233 HIGH This Week

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Acrobat Dc +3
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2023-38231 HIGH This Week

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Acrobat Dc +3
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2023-38229 HIGH This Week

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Adobe Acrobat Dc +3
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2023-38228 HIGH This Week

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +4
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2023-38227 HIGH This Week

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +4
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2023-38226 HIGH This Week

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Adobe Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2023-38225 HIGH This Week

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +4
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2023-38224 HIGH This Week

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +4
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2023-38223 HIGH This Week

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer that could result in arbitrary code execution in the context. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Adobe Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2023-38222 HIGH This Week

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +4
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2023-29320 HIGH This Week

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Violation of Secure Design Principles vulnerability that could result in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Acrobat Dc Acrobat Reader Dc Acrobat +1
NVD
CVSS 3.1
7.8
EPSS
4.6%
CVE-2023-30702 HIGH This Week

Stack overflow vulnerability in SSHDCPAPP TA prior to &quot;SAMSUNG ELECTONICS, CO, LTD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE Microsoft Memory Corruption +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30697 HIGH This Week

An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30696 HIGH This Week

An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30695 HIGH This Week

Out-of-bounds Write vulnerability in SSHDCPAPP TA prior to &quot;SAMSUNG ELECTONICS, CO, LTD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE Microsoft Memory Corruption +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30694 HIGH This Week

Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy